Authentication Vulnerability in Dahua Surveillance Products
CVE-2017-7927

7.3HIGH

Key Information:

Vendor

Dahuasecurity

Status
Dahua Technology Co., Ltd Digital Video Recorders And Ip Cameras
Vendor
CVE Published:
6 May 2017

What is CVE-2017-7927?

An authentication vulnerability identified in multiple Dahua surveillance products enables unauthorized access due to the improper use of password hashes for authentication processes. This flaw allows attackers to bypass login mechanisms without needing to know or input the actual password, potentially compromising the integrity and confidentiality of the camera feeds and recorded footage. Affected users should seek to mitigate this risk through updates and security configurations as advised by Dahua.

Affected Version(s)

Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras Dahua Technology Co., Ltd Digital Video Recorders and IP Cameras

References

https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02
x_refsource_MISC
http://us.dahuasecurity.com/en/us/Security-Bulletin_03061...
x_refsource_MISC
http://www.securityfocus.com/bid/98312
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.